Just say no

When ransomware locks down a computer or an entire system at your organization, what do you do? If you get an email from a hacker threatening a DDoS attack that will level your website, how do you respond?

While many might be eager to pay the bitcoin ransom that attackers demand, many more say no. They refuse for a number of reasons, some ethical, some practical. Through their research, Radware displays six real-life scenarios where victims refused to pay up when faced with a ransom attack.

Thinkstock

They don’t believe that the attacker will follow through

While most hackers deliver on their threats, some are imposters simply cashing in on businesses’ willingness to pay. The threat of a DDoS attack is particularly easy for an attacker to make as it requires very little time or money to exhibit the ability to attack. Yet, in some cases a threatened DDoS attack might be more bluster than true threat.

They don’t know how or don’t want to figure out how to purchase bitcoin

Since most attackers demand payment in the cryptocurrency, victims, many of whom have never dealt with bitcoin before, have a steep learning curve to overcome to meet the demand. Many simply pass.

Thinkstock

They have engaged law enforcement and are following guidance from their policing body

Similar to dealing with kidnappers, the attacker in essence has the upper hand by holding data or systems hostage. Once the matter is in the hands of the authorities, many believe there’s no sense in paying and simply follow instructions from authorities.

Thinkstock

They don’t believe the payment will make the attack go away (i.e., they’ll come back asking for more with higher stakes)

Paying a ransom is like negotiating with a terrorist. There’s no guarantee the attacker will give you the key to a locked-down system or not follow through on a DDoS attack even after you pay up.

Thinkstock

They believe word will get out that they ‘roll over’ when faced with the threat

If you pay, be prepared to keep paying. Every payment incentivizes the entire ransomware industry to keep chugging along, and if you show you’re willing to pay, you’re essentially announcing you’re open for business.

Pexels

They have strong and effective cybersecurity measures in place to prevent a successful attack

Companies that have already invested in security protections and have the financial means or technical wherewithal to fight the threat don’t need to pay, since they can easily defend against any DDoS attacks or quickly recover from a locked system.